Senior Manager, Healthcare Privacy and Compliance

Come join our team!

There are many reasons why EPIC Insurance Brokers Consultants has become one of the fastest-growing firms in the insurance industry. Fueled and driven by capable, committed people who share common beliefs and values and “bring it” every day, EPIC is always looking for people who have “the right stuff” – people who know what they want and aren’t afraid to make it happen.

Headquartered in San Francisco and founded in 2007, our company has over 3,000 employees nationwide. With locations spread out across the U.S., our local market knowledge and industry expertise helps support our clients' regional and global needs. We have grown very quickly since our founding, and we continue to see growth and success thanks to our hard-working and growth-minded employees.

Our core values are: Owner mindset, Inspire trust, Think big, and Drive results. If these values and growth align with what you're looking for in your next career? Then consider joining our amazing team!

JOB OVERVIEW:

The primary objective of the Senior Manager, Healthcare Privacy and Compliance is to strategically lead and continuously enhance the organization’s healthcare privacy and compliance program, ensuring all operations adhere to the highest regulatory and ethical standards. This role is responsible for proactively managing compliance risks, fostering a culture of accountability and data security, and collaborating with key stakeholders across and outside the organization to maintain effective compliance practices.

The Senior Manager, Healthcare Privacy and Compliance must be a strategic, analytical, and technically proficient leader with deep expertise in healthcare data privacy and compliance. This person should be detail-oriented, and self-motivated, with strong communication skills and the ability to collaborate effectively across diverse teams. This position will work closely with executive leadership as well as with the compliance committee, business unit leaders, IT and security teams, and internal departments such as HR, legal, and operations. Additionally, they will engage employees and contractors through training and compliance initiatives and interact with external stakeholders including regulatory authorities and clients.

LOCATION: This position is 100% remote

WHAT YOU’LL DO:

PRIMARY OBJECTIVES:

• Lead the development, implementation, and continuous improvement of a comprehensive healthcare privacy and compliance program.
• Ensure all organizational operations meet and exceed regulatory, governance, and client standards, including HIPAA, HITRUST, SOC2, and Medicare/Medicaid requirements.
• Proactively identify and mitigate compliance risks across the enterprise.
• Foster a culture of accountability, data security, and ethical practices throughout the organization.
• Collaborate with executive leadership, business unit leaders, IT and security teams, internal departments, employees, contractors, and external stakeholders to ensure effective compliance management.
• Promote compliance awareness and provide training to all relevant parties.

RESPONSIBILITIES

• Lead the design, implementation, and ongoing enhancement of a comprehensive healthcare privacy and compliance program, ensuring all divisions consistently meet or exceed regulatory, governance, and client standards, including HIPAA, HITRUST, SOC2, and Medicare/Medicaid requirements.
• Develop, update, and enforce policies, procedures, and monitoring activities to guarantee compliance with all relevant regulations and contractual obligations, proactively adapting to changes in the regulatory landscape.
• Oversee and continuously improve the auditing program, including planning audits, gathering and analyzing evidence, identifying deficiencies, and driving the implementation of corrective actions to strengthen compliance posture.
• Serve as a trusted advisor to business units, providing expert guidance on certifications, regulatory requirements, and best practices for healthcare data privacy and security.
• Chair and manage the compliance committee for relevant business units, facilitating cross-functional collaboration and ensuring alignment on compliance objectives and initiatives.
• Continuously monitor, assess, and document compliance risks across the organization, maintaining a dynamic risk register and prioritizing mitigation strategies to address vulnerabilities and emerging threats.
• Coordinate with internal teams to develop and execute comprehensive risk mitigation plans, ensuring timely resolution of compliance issues and fostering a proactive risk management culture.
• Develop, maintain, and execute an incident response plan for compliance breaches, collaborating with relevant teams to investigate, report, and remediate incidents in accordance with regulatory requirements.
• Design and deliver engaging training programs for employees and contractors, promoting compliance awareness, best practices, and the importance of data security throughout the organization.
• Maintain accurate, up-to-date records, reports, and documentation related to all compliance activities, preparing and submitting detailed compliance reports to senior management and regulatory authorities as required.
• Establish and track performance measures, goals, and reporting methodologies to evaluate and improve the effectiveness and productivity of compliance initiatives.
• Collaborate with business units to ensure business continuity planning is fully aligned with compliance and regulatory requirements, supporting organizational resilience and preparedness.
• Lead the timely and thorough completion of security risk assessments for current and prospective clients, ensuring all client engagements adhere to the highest standards of privacy and compliance.

WHAT YOU’LL BRING:

• Candidate must have a minimum of 5 years of experience leading healthcare data compliance initiatives with multiple cross functional stakeholders - Deep understanding of implementing and assessing controls in complex environments.
• Strong knowledge of HIPAA, HITRUST, SOC2 and other relevant regulatory standards.
• Strong written and verbal communication skills.
• Strong analytical, problem-solving, and communication skills.
• Exceptional attention to detail and a commitment to upholding the highest ethical standards.
• Ability to collaborate and coordinate effectively with cross-functional teams and communicate compliance requirements clearly.
• Diverse security and IT background with knowledge in multiple areas including policy, IT service management, networking, infrastructure, application development and information security-related standards and initiatives.
• Self-motivated; able to work with minimal supervision.

COMPENSATION:

The national average salary for this role is $150,000 - $180,000.00 in base pay and exclusive of any bonuses or benefits. The base pay offered will be determined based on your experience, skills, training, certifications and education, while also considering internal equity and market data.

WHY EPIC:

EPIC has over 60 offices and 3,000 employees nationwide – and we’re growing! It’s a great time to join the team and be a part of this growth. We offer:

• Generous Paid Time off
• Managed PTO for salaried/exempt employees (personal time off without accruals or caps); 22 PTO days starting out for hourly/non-exempt employees; 12 company-observed paid holidays; 4 early-close days
• Generous leave time options: Paid parental leave, pregnancy disability and bonding leave, and organ donor/bone marrow donor leave
• Generous employee referral bonus program of $1,500 per hired referral
• Employee recognition programs for demonstrating EPIC’s values plus additional employee recognition awards and programs (and trips!)
• Employee Resource Groups: Women’s Coalition, EPIC Veterans Group
• Professional growth development: Mentorship Program, Tuition Reimbursement Program, Leadership Development
• Unique benefits such as Pet Insurance, Identity Theft Fraud Protection Coverage, Legal Planning, Family Planning, and Menopause Midlife Support
• Additional benefits include (but are not limited to): 401(k) matching, medical insurance, dental insurance, vision insurance, and wellness employee assistance programs
• 50/50 Work Culture: EPIC fosters a 50/50 culture between producers and the rest of the business, supporting collaboration, teamwork, and an inclusive work environment. It takes both production and service to be EPIC!
• EPIC Gives Back – Some of our charitable efforts include Donation Connection, Employee Assistance Fund, and People First Foundation
• We’re in the top 10 of property/casualty agencies according to “Insurance Journal”

To learn more about EPIC, visit our Careers Page: https://www.epicbrokers.com/about/epic-careers/.

EPIC embraces diversity in all its various forms—whether it be diversity of thought, background, race, religion, gender, skills or experience. We are committed to fostering a work community where every colleague feels welcomed, valued, respected and heard. It is our belief that diversity drives innovation and that creating an environment where every employee feels included and empowered, helps us to deliver the best outcome to our clients.

California Applicants - View your privacy rights at: https://www.epicbrokers.com/wp-content/uploads/2025/01/epic-ca-employee-privacy-notice.pdf.

Massachusetts G.L.c. 149 section 19B (b) requires the following statement: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

#PSG